Norwegian DPA’s Interpretation of Consent Sets New International Standard
Why This Privacy Law is Important:
In 2021, the Norwegian data protection authority, Datatilyset, issued an $11.7 million fine against the gay social media application, Grindr, for violating users’ consent under GDPR. When viewed in concert with recent trends, it is apparent that Datailyset’s definition of consent—requiring it to be specific, informed, freely given, unambiguous, and granular—will require organizations to transform how they obtain and manage consumer consent.
Overview:
Datatilyset issued an administrative fine of NOK 100,000,000 (approximately €10 million) for its failure to comply with GDPR rules on consent. They found that Grindr shared user data to a number of third parties without legal basis for marketing purposes, including GPS location, user profile data, and the fact that the user in question is on Grindr. While Grind had obtained some user consent, the DPA found that it failed to meet several of the criteria GDPR requires for valid consent.
Datatilyset’s decision clarifies key elements of the standard for consent set by GDPR—and potentially applicable in other jurisdictions as well.
Download the Privacy Alert to the right to get the full text and expert analysis!